{"id":483,"date":"2012-02-01T15:31:03","date_gmt":"2012-02-01T13:31:03","guid":{"rendered":"http:\/\/saisa.eu\/blogs\/Guidance\/?p=483"},"modified":"2012-04-03T14:18:21","modified_gmt":"2012-04-03T11:18:21","slug":"continuous-security-monitoring-new-draft-by-nist","status":"publish","type":"post","link":"https:\/\/saisa.eu\/blogs\/Guidance\/?p=483","title":{"rendered":"Continuous Security Monitoring, new draft by NIST"},"content":{"rendered":"<p>NIST has produced an interesting <a href=\"http:\/\/csrc.nist.gov\/publications\/PubsNISTIRs.html\">set<\/a> of <a href=\"http:\/\/csrc.nist.gov\/publications\/drafts\/nistir-7756\/Draft-NISTIR-7756_second-public-draft.pdf\">drafts<\/a> related to <a href=\"http:\/\/en.wikipedia.org\/wiki\/Continuous_monitoring\">Continuous Monitoring<\/a>(CM).<\/p>\n<p>Continuous Monitiring here can be explained by sentence:<\/p>\n<blockquote>\n<p><em>&#8220;Continuous security monitoring is a risk management approach to Cybersecurity that maintains a<br \/>\n picture of an organization\u2019s security posture, provides visibility into assets, leverages use of<br \/>\n automated data feeds, monitors effectiveness of security controls, and enables prioritization of<br \/>\n remedies.&#8221;<\/em><\/p>\n<\/blockquote>\n<p>Enterprise Architecture view is presented below.<\/p>\n<p><img loading=\"lazy\" height=\"633\" alt=\"NIST-CM-2\" src=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2012\/02\/nist-cm-2.png\" width=\"560\" \/><\/p>\n<p>&nbsp;<\/p>\n<p>The material presented in these drafts are steps into good direction. It is definitely worth to look this material.<\/p>\n<p>Look also<\/p>\n<ul>\n<li><a href=\"http:\/\/www.dhs.gov\/xlibrary\/assets\/fns-caesars.pdf\">Continuous Asset Evaluation, Situational Awareness, and Risk Scoring Reference Architecture Report<\/a> by DHS (Department of Homeland Security).<\/li>\n<li>Maturity model is presented <a href=\"http:\/\/scap.nist.gov\/events\/2011\/cm_workshop\/presentations\/pdf\/MELL%20-%20CAESARS%20FE%20Ref%20Model%2020110318.pdf\">here<\/a> in the SCAP&#8217;s event section.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><a href=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2012\/02\/ceasars-maturitymodel.png\"><img loading=\"lazy\" height=\"280\" alt=\"ceasars-maturitymodel\" src=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2012\/02\/ceasars-maturitymodel-small.png\" width=\"640\" \/><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>NIST has produced an interesting set of drafts related to Continuous Monitoring(CM). Continuous Monitiring here can be explained by sentence: &#8220;Continuous security monitoring is a risk management approach to Cybersecurity that maintains a picture of an organization\u2019s security posture, provides &hellip; <a href=\"https:\/\/saisa.eu\/blogs\/Guidance\/?p=483\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[62,53,56,26],"tags":[],"_links":{"self":[{"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/posts\/483"}],"collection":[{"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=483"}],"version-history":[{"count":4,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/posts\/483\/revisions"}],"predecessor-version":[{"id":636,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/posts\/483\/revisions\/636"}],"wp:attachment":[{"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=483"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=483"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=483"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}